Techdirt. Stories filed under "leaking"Easily digestible tech news...https://www.techdirt.com/
en-usTechdirt. Stories filed under "leaking"https://ii.techdirt.com/s/t/i/td-88x31.gifhttps://www.techdirt.com/Tue, 26 Sep 2017 10:43:00 PDTFBI Misconstrued Content Of Doc Leaker Reality Winner's Jailhouse CallsTim Cushinghttps://www.techdirt.com/articles/20170926/09401438287/fbi-misconstrued-content-doc-leaker-reality-winners-jailhouse-calls.shtml
https://www.techdirt.com/articles/20170926/09401438287/fbi-misconstrued-content-doc-leaker-reality-winners-jailhouse-calls.shtml
The ongoing prosecution of document leaker Reality Winner has developed some new wrinkles. Despite having a very traceable leaked document in hand, the FBI is pitching in by misleading government lawyers -- and by extension, the presiding court. Maybe it's deliberate. Maybe it isn't. Either way, the administration wants desperately to crack down on leakers, and having a high-profile case result in a multi-year sentence would be a good start.

Right now, the government just wants to keep Winner locked up until her trial. Prosecutors have been arguing against her being released from jail by misconstruing the contents of recorded calls from Winner. (h/t Jeremy Scahill)

In arguing for her to be kept in the Lincoln County Jail in Lincolnton, Assistant U.S. Attorney Jennifer Solari told a judge Winner was recorded in a jailhouse phone call discussing some “documents” — plural — raising concerns she might have gathered other top-secret information beyond the NSA report she is accused of leaking. Solari said she was also overheard directing the transfer of $30,000 from her savings account to her mother’s account because the court had taken away her free appointed counsel.

But none of this is true. And it's not as though it's a matter of interpretation. Recordings exist.

But in an email to Winner’s attorneys on June 29, Solari said Winner could be heard in the recording telling her mom she “leaked a document,” singular. And in another recorded phone call, Solari said, Winner asked her mom to transfer her money because of fears authorities “might freeze it.” Winner’s attorneys said she was afraid she would not be able to pay her bills if her account were frozen.

So, where did this bogus info come from? The FBI, of course, which can't be bothered to let a recording literally speak for itself. US Attorney Solari stated in her email her comments on plural documents and the reasons for the requested funds transfer came from "verbal summaries" of the calls provided by the feds.

If there's anything the FBI has shown a systemic dislike for, it's recordings. Despite several decades of recording tech advancements, the FBI prefers pen-and-paper for "recording" interviews with suspects, indictees, and witnesses. In this case, the FBI could have given the prosecutor the recordings directly. Instead, it chose to provide an inaccurate summary. With the FBI, it's never your word against theirs. It's the FBI's words. Period.

Winner's attorneys have asked for her release pending trial, pointing to former military personnel who were allowed to roam free before having their day in court -- people like Gen. Petraeus, who was allowed to retain his position as CIA director up until he plead guilty to mishandling classified documents. But, as her attorneys are surely aware, a multi-tiered justice system doesn't allow for the release of NSA contractors who don't have Forever War Hero listed on their resumes.

Beneath all of this is one incredible fact: the FBI chose to present a verbal recap rather than hand over recordings. If the prosecutor hadn't bothered to listen to the tapes, the judge would be relying on misstatements made by the FBI when making a decision affecting someone's freedom. And if it had gone further than this, those verbal recaps might have been entered as evidence showing Winner was seeking to cut-and-run and possibly leak more documents -- both of which would have had an extremely adverse effect on her sentencing.

Permalink | Comments | Email This Story
]]>press-'record'-and-be-done-with-ithttps://www.techdirt.com/comment_rss.php?sid=20170926/09401438287Tue, 17 Jan 2017 13:50:21 PSTSurprise: President Obama Commutes Chelsea Manning's SentenceMike Masnickhttps://www.techdirt.com/articles/20170117/13431636504/surprise-president-obama-commutes-chelsea-mannings-sentence.shtml
https://www.techdirt.com/articles/20170117/13431636504/surprise-president-obama-commutes-chelsea-mannings-sentence.shtmlcommuted the bulk of Chelsea Manning's sentence, meaning she will be freed this May, rather than having to spend another three decades in jail. Manning, of course, was sent to prison for sharing a large chunk of US diplomatic cables with Wikileaks. Manning was sentenced to 35 years in prison nearly four years ago (with credit for the 3.5 years she'd already been held, often in solitary confinement). Many people were already outraged at the sentence, especially given that there was no evidence of any actual harm from the leaks.

There were two big campaigns going on over the past few months -- one to pardon Ed Snowden, and another to commute Manning's sentence. President Obama had already made it fairly clear that he had no interest in pardoning Snowden based on the totally false claim that he could not pardon Snowden prior to Snowden being convicted. In the past few weeks, however, there were at least a few hints and rumors that Obama was seriously considering commuting Manning's sentence, and that led to even more focus on the campaign. Ed Snowden himself also advocated for Manning, even ahead of his own case:

Mr. President, if you grant only one act of clemency as you exit the White House, please: free Chelsea Manning. You alone can save her life.

And yes, commuting the sentence (which shortens the sentence, but is not a full pardon...) is a form of clemency. So now there's a separate question to ask: will Assange agree to be extradited to the US (or will he just come here voluntarily?). Perhaps after Trump takes over later this week, that won't be such a huge concern, since Trump has magically morphed into a huge Wikileaks/Assange supporter.

Unfortunately, though, it does appear that the likelihood of a Snowden pardon is also almost nil. In discussing today's commutation of Manning's sentence, White House spokesperson Josh Earnest basically argued that what Snowden did was much worse than Manning, because he "fled":

"Chelsea Manning is somebody who went through the military criminal justice process, was exposed to due process, was found guilty, was sentenced for her crimes, and she acknowledged wrongdoing," he said. "Mr. Snowden fled into the arms of an adversary, and has sought refuge in a country that most recently made a concerted effort to undermine confidence in our democracy."

He also noted that while the documents Ms. Manning provided to WikiLeaks were "damaging to national security," the ones Mr. Snowden disclosed were "far more serious and far more dangerous." (None of the documents Ms. Manning disclosed were classified above the merely “secret” level.)

While I agree that there was a difference in the types of documents revealed, one might also make the argument that Snowden's leaks revealed much more serious problems and the impact of his leaks were much more important in revealing to the American public abuses by our own government. Separately, the whole "fled into the arms of adversary" thing is silly as well. As has been explained multiple times, Snowden ended up in Russia after the US pulled his passport while he was traveling. And, at the same time, a big part of the reason Snowden left the US was the unfortunate treatment of Manning by the military judicial process. Snowden properly surmised that he would not be treated fairly. And apparently that continues to this day.

Either way, it's good that Manning's sentence has been commuted. It's been clear from many reports that Manning was unlikely to survive the full sentence given to her, and she's been treated horribly in prison as well. It's still too bad that President Obama is unwilling to also pardon Snowden.

Permalink | Comments | Email This Story
]]>about-timehttps://www.techdirt.com/comment_rss.php?sid=20170117/13431636504Thu, 9 Jun 2016 10:38:00 PDTGen. Petraeus Leaked Classified Info To Journalists, Sent Sensitive Documents To Non-Secure Email AccountsTim Cushinghttps://www.techdirt.com/articles/20160609/09071034664/gen-petraeus-leaked-classified-info-to-journalists-sent-sensitive-documents-to-non-secure-email-accounts.shtml
https://www.techdirt.com/articles/20160609/09071034664/gen-petraeus-leaked-classified-info-to-journalists-sent-sensitive-documents-to-non-secure-email-accounts.shtml
General Petraeus, despite turning over "little black books" filled with classified info to his mistress/biographer (Paula Broadwell), is now serving out his mild non-sentence by suffering through high-paying speaking gigs. The government -- "punishing" one of its own -- ended up implying there was somehow a difference between Petraeus and others who turned over classified information to journalists.

"There is a recorded conversation between Petraeus and, inter alia, Washington Post reporters, which, based on the information and belief of your affiant, occurred in or about March 2011," Special Agent Diane Wehner wrote. "In the conversation, Petraeus stated, 'I would really love to be on background as a senior military officer.' Later in the recording, Petraeus discusses sensitive military campaigns and operations, some of which, on the basis of a preliminary review ... is believed to contain classified information, including information at the Top Secret level."

Apparently, the difference between having your life destroyed and having your life slightly inconvenienced depends on how you've portrayed the government to the press with your links. Leaks made in support of government activity have always received a warmer reception.

The government may believe Petraeus is no common leaker, but it's also going to have to extend its hypocritical shrug to encompass the phrase, "He's no Hillary Clinton."

The FBI affidavit also indicates that investigators believed Petraeus "likely" agreed to help Broadwell gather classified information from others. In 2011, Broadwell wrote to an Army lieutenant colonel seeking details about his unit's operations. The officer replied by asking for "a good SIPR number," referring to a government network for handling classified information.

"If you have classified material, Gen Petraeus has been gracious enough to allow me to have you send the storyboards and material to his SIPR account; I'll pick them up as soon as you send the word! I've copied him on this email," Broadwell wrote.

Yes, General Petraeus sent classified info to several email addresses (both Broadwell and Petraeus used more than one account, along with burner phones, to communicate), none of which appear to have been designated as secure.

The FBI apparently pushed for felony charges under the Espionage Act, but the DOJ overrode it, allowing Petraeus to walk away with two years probation on a lesser "mishandling" charge. I'm sure the FBI feels the same thing will happen again with Clinton, no matter what it uncovers during its investigation of her private email server usage. According to former AG Eric Holder, Petraeus wasn't treated differently than any of the other leakers the DOJ has prosecuted over the past several years. It just looked that way because of reasons Holder won't discuss.

"There were some unique things that existed in that case that would have made prosecution at the felony level — and conviction at the felony level — very, very, very problematic."

In the context of Petraeus' actions, "problematic" seems to be another way of saying "embarrassing." Holder's statement to Politico tries to portray the prosecution as lacking in evidence to make a felony charge stick. But the evidence appears to be there. The only thing lacking was the will to do so, both by the DOJ and the administration guiding its moves.

Permalink | Comments | Email This Story
]]>DOJ-points-to-lightly-stung-wrists-as-proof-justice-has-been-servedhttps://www.techdirt.com/comment_rss.php?sid=20160609/09071034664Fri, 24 Apr 2015 10:17:55 PDTCompare And Contrast Prosecution And Sentences Of David Petraeus With Government WhistleblowersTrevor Timm, FPFhttps://www.techdirt.com/articles/20150424/06331530782/compare-contrast-prosecution-sentences-david-petraeus-with-government-whistleblowers.shtml
https://www.techdirt.com/articles/20150424/06331530782/compare-contrast-prosecution-sentences-david-petraeus-with-government-whistleblowers.shtml
Former CIA director David Petraeus received his sentence yesterday for the sweetheart plea deal he struck with the Justice Department after he was discovered to have leaked highly classified information to his biographer and lover Paula Broadwell. As was widely anticipated, the celebrated general received no jail time and instead got only two-years probation plus a $100,000 fine. (As journalist Marcy Wheeler has pointed out, that's less than Petraeus receives for giving one speech.)

The gross hypocrisy in this case knows no bounds. At the same time as Petraeus got off virtually scot-free, the Justice Department has been bringing the hammer down upon other leakers who talk to journalists—sometimes for disclosing information much less sensitive than Petraeus did. It's worth remembering Petraeus' leak was not your run-of-the-mill classified information; it represented some of the most compartmentalized secrets in government. Here's how the original indictment described the eight black books Petraeus handed over to Paula Broadwell:

The books "collectively contained classified information regarding the identifies of covert officers, war strategy, intelligence capabilities and mechanisms, diplomatic discussions, quotes and deliberative discussions from high-level National Security Council meetings… and discussions with the president of the United States."

While Petraeus' supporters claim none of this information was ever released to the public after he leaked it to Broadwell, that does not matter in leak cases. You can just ask former CIA officer John Kiriakou, who disclosed the names of two supposedly undercover CIA officers to a researcher. The names were never published, but Kiriakou still got thirty months in jail.

Let's also not forget that David Petraeus lied to FBI officials when they questioned him about his leak. For a reason the Justice Department never explained, he wasn't charged for lying at all. As the New York Times pointed out today, "Lying to federal agents is a felony that carries a sentence of up to five years in prison. The Justice Department has used that charge against terrorists, corrupt politicians and low-level drug dealers." Just apparently not former CIA directors.

Petraeus' deal comes just days after federal prosecutors recommended another sentence to a convicted leaker who worked for the same Central Intelligence Agency—Jeffrey Sterling. In Sterling's case the prosecutors are calling for twenty-four years of prison time. Sterling was convicted of leaking information to Pulitzer Prize-winning reporter James Risen about a botched CIA mission that occurred almost two decades ago. The lawyer for former State Department official Stephen Kim, currently in jail for leaking innocuous information to Fox News' James Rosen, has also objected to the "profound double standard" in Petraeus' case versus Kim's.

To be fair, the rank-and-file at the FBI and Justice Department seem to recognize how egregious the hypocrisy surrounding Petraeus' case is: while Attorney General Eric Holder himself signed off on the lenient deal, he reportedly did so over strenuous objections from FBI and DOJ officials.

Ultimately, no one should be charged under the Espionage Act for leaking information to journalists, but if the government is going to bring charges against low-level officials, it has a responsibility to do so against high-ranking generals as well. And actually, the Justice Department's reasoning behind not seeking a trial for Petraeus is quite telling for just how unjust the Espionage Act is. As the New York Times reported:

[W]ithout a deal, the Justice Department would have faced the prospect of going to trial against a decorated war hero over a disclosure of secrets that President Obama himself said did not harm national security. Plus, a trial would require the government to reveal some of the classified information.

The Justice Department's fear about an embarrassing trial is one the most egregious aspects of Espionage Act prosecutions against leakers and whistleblowers: defendants can be found guilty even if there was no damage to national security at all. It's not one of the elements of the crime, so prosecutors don't have to prove it. By forgoing a trial because they are afraid of graymail, the government is also basically saying to future leakers "if you're going to leak classified information, make sure it's something really classified."

It's possible that Petraeus' deal was so egregious that this could be good news for other leakers. The Daily Beast's Kevin Mauer argued as much earlier today:

Petraeus's relatively light punishment will likely have lasting ramifications on future leak cases, national security lawyers said. They argue the government is cutting its own throat by offering him a more lenient sentence in the wake of harsher penalties to other leakers and creating a double standard that can be exploited by defense attorneys in future cases.

However, given the government's unrelenting pursuit of Sterling, there is little chance of this having a lasting effect. Unfortunately, the Petraeus case will go down in history as one of the most blatant examples of the inherent unfairness of leak trials and the two-tiered system of justice that whistleblowers often face.

Permalink | Comments | Email This Story
]]>high-court,-low-courthttps://www.techdirt.com/comment_rss.php?sid=20150424/06331530782Wed, 22 Apr 2015 01:02:05 PDTWelcome To The New League Of Leakers -- Courtesy Of Edward SnowdenGlyn Moodyhttps://www.techdirt.com/articles/20150421/09333930739/welcome-to-new-league-leakers-courtesy-edward-snowden.shtml
https://www.techdirt.com/articles/20150421/09333930739/welcome-to-new-league-leakers-courtesy-edward-snowden.shtml
Whistleblowers are hardly a new phenomenon -- Wikipedia lists dozens of the more famous ones, going back to the 18th century. There have also been important government whistleblowers before -- people like Daniel Ellsberg, William Binney, Thomas Drake and John Kiriakou. Chelsea Manning's leak was on a huge scale, and garnered enormous media attention. And yet there is no doubt that it is Edward Snowden who has really changed the whistleblowing world most dramatically.

Because of what he leaked, and the way he leaked it -- the fact that he has evaded arrest, and is still free, even if living a somewhat circumscribed existence in Russia -- Snowden has ignited debates at multiple levels. As well as the obvious ones about surveillance, privacy, power and democracy, there's another one around whistleblowing itself, which has already had important knock-on effects. Evidence of that comes in an interesting post by Bruce Schneier, where he tots up the likely number of leakers that have recently started to provide information about the US intelligence community. Alongside Manning and Snowden, he thinks there are probably five more:

Leaker #4: "A source in the intelligence community," according to the Intercept, who leaked information about the Terrorist Screening Database, the "second leaker" from the movie Citizen Four

...

Leaker #5: Someone who is leaking CIA documents.

...

Leaker #6: The person who leaked secret information about WTO spying to The Intercept and the New Zealand Herald

...

Leaker #7: The person who just leaked secret information about the U.S. drone program to The Intercept and Speigel.

Schneier's post gives links for all those stories, as well as his reasons for thinking they are likely to be separate people (although he notes numbers 3 and 7 might be the same person.) As he concludes:

Way back in June 2013, Glenn Greenwald said that "courage is contagious." He seems to be correct.

It's almost as if people taking extremely high risks to leak important information about dubious activities by the US intelligence community has become normal. That's really pretty remarkable, and show just how big Snowden's impact has been.

Permalink | Comments | Email This Story
]]>courage-is-contagioushttps://www.techdirt.com/comment_rss.php?sid=20150421/09333930739Wed, 4 Mar 2015 04:04:00 PSTSeparate And Unequal: Gen. Petraeus Facing Mild Wrist Slap For Leaking Eight Books Full Of Classified Info To His MistressTim Cushinghttps://www.techdirt.com/articles/20150303/15335330203/separate-unequal-gen-petraeus-facing-mild-wrist-slap-leaking-eight-books-full-classified-info-to-his-mistress.shtml
https://www.techdirt.com/articles/20150303/15335330203/separate-unequal-gen-petraeus-facing-mild-wrist-slap-leaking-eight-books-full-classified-info-to-his-mistress.shtml
The administration still wants to punish whistleblowers and leakers, but only if it can do it with logic borrowed from Animal Farm. When it comes to prosecution, some leakers are more equal than others.

John Kiriakou -- who exposed a single CIA operative's name while exposing its waterboarding tactics -- spent more time in jail than former CIA director Leon Panetta, who has spent (at last count) a grand total of 0 days locked up for leaking tons of classified info to Zero Dark Thirty's screenwriter, Mark Boal.

Of course, some leaks just aren't leaks, at least not according to the government. Kiriakou's were wrong. Panetta's were right. And Kiriakou spent three years in prison for a lesser "crime."

Thomas Drake faced a potential 35-year sentence for his exposure of wasteful NSA spending. The government's case against him self-imploded, however, resulting in a guilty plea to a misdemeanor and no jail time.

General Petraeus, who leaked classified information to his mistress, is in line to receive the lightest of wrist slaps for his indiscretion: two years probation and a $40,000 fine. The lightness of the sentence suggested by government prosecutors belies the extent of Petraeus' wrongdoing.

While he was commander of coalition forces in Afghanistan, Petraeus “maintained bound, five-by-eight inch notebooks that contained his daily schedule and classified and unclassified notes he took during official meetings, conferences and briefings,” the U.S. Attorney’s Office for the Western District of North Carolina writes in a statement of fact regarding the case...

All eight books “collectively contained classified information regarding the identifies of covert officers, war strategy, intelligence capabilities and mechanisms, diplomatic discussions, quotes and deliberative discussions from high-level National Security Council meetings… and discussions with the president of the United States.”

The books also contained “national defense information, including top secret/SCI and code word information,” according to the court papers. In other words: These weren’t just ordinary secrets. This was highly, highly classified material.

Petreaus retained those Black Books after he signed his debriefing agreement upon leaving DOD, in which he attested “I give my assurance that there is no classified material in my possession, custody, or control at this time.” He kept those Black Books in an unlocked desk drawer.

And again to investigating FBI agents.

In an interview on October 26, 2012, he told the FBI:

(a) he had never provided any classified information to his biographer, and (b) he had never facilitated the provision of classified information to his biographer.

United States Attorney Bill Nettles stated today that Kirstie Elaine Philome Barratt, age 22, of Fort Mill, South Carolina was sentenced to 24 months’ imprisonment today after earlier pleading guilty to making a false statement to a federal agent, in violation of Title 18, United States Code, Section 1001. United States District Judge Joseph F. Anderson, Jr. imposed the term of imprisonment, which will be followed by a 3 year term of supervised release. In October, Barratt plead straight up to the charge without a plea agreement. Barratt also may face deportation as a result of her guilty plea. During the sentencing hearing, Judge Anderson granted the government’s motion for an upward departure from the federal guidelines sentencing range of 0 to 6 months, noting that this was a “rare” case and that Barratt “knowingly placed a law enforcement officer’s life in jeopardy” by her false statement.

Petraeus was a trusted member of the military and the CIA. And he turned over eight books worth of classified info to his biographer/mistress just because she asked. But because he's part of the administration's arbitrarily-selected "in crowd," and because he didn't embarrass the government as much as he embarrassed himself, he's facing a sentence of nearly nothing. His suggested punishment will have zero effect on his current position at a top equity firm and his life will suffer none of the disruptions Kiriakou and Drake experienced. He'll be $40,000 poorer -- and with "deterrents" like these being deployed -- none the wiser.

When John Kiriakou pled guilty on October 23, 2012 to crimes having to do with sharing a single covert officer’s identity just days before Petraeus would lie to the FBI about sharing, among other things, numerous covert officers’ identities with his mistress, Petraeus sent out a memo to the CIA stating,

"Oaths do matter, and there are indeed consequences for those who believe they are above the laws that protect our fellow officers and enable American intelligence agencies to operate with the requisite degree of secrecy."

Yeah. "Oaths matter." Except when you're the one uttering them, right? Apparently, a "requisite degree of secrecy" means stashing eight books full of classified info in an unlocked desk drawer and handing them out to your clandestine SO in hopes of keeping your knob biography as polished as possible.

This administration is severely hypocritical, but seemingly no more so than in its treatment of whistleblowers. There are those who will be persecuted and punished and those whose similar indiscretions will be waved away by government prosecutors. The problem is: you may not know which of these faces of the administration you'll be facing when you decide to start blowing the whistle. Chances are -- given this administration's track record -- it will be the vindictive, angry administration that continually hopes to "send a message" with each new whistleblower/leaker prosecuted.

Those on the inside of the military/industrial/surveillance supercomplex -- who leak under the name of "anonymous official" to aid filmmakers, deploy talking points or steer narratives -- will never see this side of the two-faced administration. Their leaks are more equal than others.

Permalink | Comments | Email This Story
]]>granted-Most-Favored-Leaker-statushttps://www.techdirt.com/comment_rss.php?sid=20150303/15335330203Wed, 8 Oct 2014 12:10:41 PDTRightscorp's 'Secure' Payment System Exposes Names And Addresses Of Alleged InfringersTim Cushinghttps://www.techdirt.com/articles/20141008/05264328760/rightscorps-secure-payment-system-exposes-names-addresses-alleged-infringers.shtml
https://www.techdirt.com/articles/20141008/05264328760/rightscorps-secure-payment-system-exposes-names-addresses-alleged-infringers.shtmlRightscorp, the supposed new face in copyright enforcement, is currently trying to shake down alleged infringers for $20/infringement, using smaller ISPs (or those not signed up for the Six Strikes program) as middlemen for its small-time settlement services. Rightscorp issues scary-looking settlement letters to internet subscribers, informing them that they have been caught torrenting movie or music files and giving them a chance to pay for their (allegedly) illicitly-obtained goods through its website.

Each settlement letter (forwarded from the ISP to the customer) contains a unique link to a $20 settlement offer, which can be paid online.

Techdirt reader Andrew Jenson informs us that Rightscorp's "secure" settlement site isn't all that secure.

Rightscorp posts variables using hidden form elements rather than sessions, cookies, or something similar. This sort of lax security policy could lead to someone easily gaining access to and having a field day with the Rightscorp database which contains confidential and personal information.

Rightscorp lets Google index secure pages for anyone to find. Simply Google “rightscorp miramax” and you will find the following indexed.

If anyone's posted a link from a settlement letter on the web, anyone else can access it.

Down at the bottom of the form, you'll see some more false assurances about your data. There's a pretty little picture of a lock by the fields for your credit card info, but it doesn't link anywhere or signify anything.

In fact, Chrome has to block content from the non-secure Digital Rights Corp. website (there are links back to the corporate website all over the "secure" site) in order to call the site "secure."

Loading this script kills the security.

Verified here by "Inspect element."

Jenson notes that Rightscorp uses a "cheap GoDaddy SSL certificate with no extended validation," not exactly the sort of thing you want to hear when being asked for credit card information. Jenson adds:

Imagine if someones personal details had been entered. They would be open for the world to see.

You don't have to imagine it. It's acutally happening.

While digging around for URLs to verify Johnson's claims, I soon discovered that if someone has actually paid a settlement fee to Rightscorp, it allows the settlement receipt, along with the subscriber's name and address, to sit there openly available to anyone who comes looking.

I found four different settlements involving four different people simply by searching for publicly-posted settlement URLs using "https://secure.rightscorp.com/settle" as the search term. Some results linked to pending settlement offers but others led directly to the terms of paid settlements, which included the name and address of the accused infringer.

I informed Rightscorp of this security issue, giving the company a chance to fix this before we published. I received a response from Robert Steele, the president of the company, stating:

The name and address at that URL will be redacted in about 15 minutes. Thank you for bringing this to our attention.

That Rightscorp responded to an issue within an hour of it being raised is a good sign. Unfortunately, Steele and his IT team seemed to have missed the point of my first email. I sent an email back re-informing him that it's not a single URL that's affected. It's every single URL it's issued to alleged infringers. Any one of these can be accessed by anybody. I received this from Robert Steele about a half hour later:

They have all been redacted. There are no live links providing this information. Thank you again for bringing this to our attention. Our system is not providing any names and addresses to the public as you now assert.

So, this leak has been fixed (or at least, redacted -- the pages are still publicly available). And anyone can still access open settlements, which still makes it appear as though Rightscorp cares little for the privacy and security of the internet users it's targeting.

Remember, this is a company with grand designs on controlling the internet activities of repeat infringers (via browser hijacking) who aren't swayed by its $20/per file offers. It also appears to be bullying smaller ISPs into handing over user data, using a supposed "loophole" in the DMCA to send tons of subpoenas without actually filing lawsuits. This is the same company that claims to have a revolutionary new way to track repeat infringers, even across multiple IP addresses. But for all of its supposed technical prowess and "revolutionary" shakedown techniques, it seemingly can't be bothered to provide actual security for settlement payments or subscriber data.

The worst part is that it's those who have paid Rightscorp that were being protected the least. Their names and addresses were publicly available and linked to infringing activity. Just because Rightscorp managed to convert IP addresses into subscribers by abusing subpoenas and bullying ISPs doesn't mean it can simply leave that information laying around in the open. Maybe it felt those subscribers deserved to be named and shamed. Maybe it just didn't care as long as there was an easy way for infringers to pay up (direct link, accessible by anyone). Or maybe it just half-assed together its payment processing as cheaply as it could in order to maintain a healthier profit margin. Either way, it's more evidence that Rightscorp runs a shoddy (and shady) business, one whose success relies greatly on the ignorance of others.

Permalink | Comments | Email This Story
]]>stupid stupid stupidhttps://www.techdirt.com/comment_rss.php?sid=20141008/05264328760Tue, 6 Jul 2010 18:17:35 PDTWhere's The Line Between Whistleblowing And Criminal Leaking Of Classified Works?Mike Masnickhttps://www.techdirt.com/articles/20100706/15453910085.shtml
https://www.techdirt.com/articles/20100706/15453910085.shtmlThe Pentagon Papers to the NY Times, exposing a "classified" study that showed how the Johnson Administration had regularly (and systematically) lied about the war in Vietnam. The Nixon administration claimed that Ellsberg violated the Espionage Act of 1917, since they had no authority to share those classified documents. The administration also sought injunctions against newspapers for publishing excerpts of the documents. Eventually, the Supreme Court allowed the newspapers to publish. As for Ellsberg, his case went to trial, but it was thrown out due to government bungling, including wiretapping him without a warrant and slapstick government attempts to spy on and/or discredit Ellsberg. These days many people consider Ellsberg quite a hero for whistleblowing on illegal activities by the US government.

This all has become very pertinent again, as it appears that the US Army has finally charged intelligence analyst Bradley Manning with violating the Espionage Act for his leaking of certain "classified" information to Wikileaks.

And that leaves us back to square one of a very difficult question: what's the difference between whistleblowing and criminally leaking classified works? It seems like the line is pretty clear. If the "leak" is designed to expose otherwise illegal activities, that should be protected in some manner. If the leak, on the other hand, has nothing to do with exposing illegal activities and, instead, is just to reveal secret (but legal) information, it probably falls on the other side of the line. Where Manning's actions fall on this spectrum are still not at all clear -- but it seems like folks are rushing to push him into one or the other camps already. Hopefully some more details will come out and it becomes clear where he really falls (no matter what a court may decide...).

Permalink | Comments | Email This Story
]]>is-there-a-line?https://www.techdirt.com/comment_rss.php?sid=20100706/15453910085Thu, 31 Jul 2008 15:38:58 PDTBand Leaks Own Tracks To BitTorrent, Pretends To Be Pissed OffMike Masnickhttps://www.techdirt.com/articles/20080731/1231121854.shtml
https://www.techdirt.com/articles/20080731/1231121854.shtmlquite suspicious when the band, signed to a major label, put out a press release about how angry they were that their latest music was leaked online. So, the good folks over at TorrentFreak did a little investigating, and tracked down the fact that whoever leaked the album just so happened to use the same exact IP address as the band's manager. Oops.

So, let's try this again. Using free music as a promotional tool can work wonders, but part of that is in publicly embracing the fact that your fans want to share your music. Not creating mock outrage about it.